The biggest deficiency we see in the companies we provide consultancy services to, especially as a result of penetration tests, is not a matter of product or of low user awareness; it is the problems under the headings below.
Within the scope of our 3S Service model, we manage all security processes of the institutions and organizations we serve.
We discuss it under 5 headings: "Technology", "Organizational", "Policy", "Operational", "Cyber Threat Intelligence".
We adapt it to the existing structure in 3 stages consisting of the following steps: "Rule Improvement", "Log Analysis", "Automation".
This process involves identifying the technological resources of your institution and evaluating their logical and physical configuration settings through the eyes of the "incident response" team. If your organization's technological resources are not analyzed with an IR eye, the most important log records will not reach your SIEM solution when your systems are under attack, because of gaps in your security architecture. In that case an investment of thousands of dollars will fail you in the most critical situation.
We can call this process profiling the institution. Its steps are as follows:
It consists of determining the hardware and software resources (operating system, applications, etc.) used in your corporate local network, branch offices and DR site; your services open to the outside world; your resources open to your business partners; and your connections with them (MPLS, IPsec, etc.).
In order for your company to achieve success in line with its goals, cooperation between units and process management must progress in an integrated manner. Since an attack not only on IT resources but on the resources of any department (HR, finance) can affect all business processes, your SIEM consultant should, with a "Line of Business" logic, create correlation rules for the organizational flow between IT and the other units and for the digital processes that are open to manipulation.
Due to the intensity of operational loads, it can become almost impossible to configure the servers, network equipment and security systems serving your institution in accordance with "best practice". In many institutions, the log outputs of Linux and Windows operating systems are left at their default settings. Therefore, the consultant personnel who come to provide the service must bring at least the externally facing systems in your server architecture up to the security benchmarks, or only detect and report the gaps, according to the agreement between you. Of course, these should not be the personnel who installed the product, but personnel from the "Incident Response" team that accompanies the installation team.
The company carrying out the SIEM project must also carry out a vulnerability analysis and, in addition to in-house system improvement, must help you identify and close the vulnerabilities in your services. Thus, when you commission your SIEM product, you will have established a structure in whose security you can be highly confident.
In the first stage, Technology, once topological errors are detected, the architectural design should be reviewed again with the relevant teams; any deficiency should be corrected so that no point is left open to vulnerability.
When we consider security from the "last line of security" framework, we can conclude that today's attack vectors are aimed at humans, with "phishing attacks becoming more widespread". Therefore, the company that will carry out the SIEM project must test the awareness of your staff. The table produced by the test should present both the endpoint security logs and solution suggestions that can increase staff awareness.
At this stage, if ISO standards are in effect and your institution has previously worked on a standard (27001, 27002, etc.), the findings obtained from the outputs here and the rule sets for those studies should be defined on the SIEM product.
This is a process in which we analyze how the IT department of the institution or organization manages its security, system and network operations and how it behaves under a cyber threat. After this process, the fragility of the organization's IT team is measured.
We handle these processes with Use Cases that are completely specific to the organization.
The cyber threat intelligence and orchestration process is a feature that should be considered and included in the SIEM solution you use or want to use, unless you are using a separate product for this need. This process lets you take precautions by querying possible attacks on certain platforms with proactive analysis and by warning you in a big-data environment such as the SIEM, which monitors your organization's assets, processes, system information and other critical information processes.
In this way, you are informed of an attack that may threaten your systems not when it arrives, like a goalkeeper facing the opposing striker, but in advance, like a coach who knows the opposing team's game plan, so that you are on the side that manages the game. We provide reporting of possible attacks before they occur and a 24/7 security response process in the event of an attack.
Rule Improvement
At this stage, the logs produced by your existing systems are analyzed according to your business processes and data structure, taking into account your organization's Technology, Operational and Policy processes, and the results are sent to your SIEM system in a meaningful way.
Log Analysis
Since at this stage we have full knowledge of all the processes of your institution/organization, we simulate attack scenarios that may occur on your internal/external assets and provide you with the list of correlation rules needed for these to appear as alarms in your SIEM system. Since we have a product-independent consultancy model, if no SIEM system is available in your institution, we offer you a monthly pay-as-you-use model by commissioning the InfiSIEM system.
Automation phase
The model we call RPA (Robotic Process Automation) is the model we integrate into your system structure. Since the S1 and S2 stages have revealed the real attacks that may occur in your processes, you now have a SIEM architecture in which false-positive alarms are minimized, so the alarms that do occur will be real alarms. In this sense, we offer you, in a robotic structure, the defensive measures you can take against an attack on your organization during or outside working hours. Our robotic structure, triggered when the relevant alarm occurs, provides a 24/7 security perspective by creating rules on your security systems and blocking the attacking IP address and attack method.
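As an added illustration of the automation stage described above (example code written for this page, not the consultancy's or InfiSIEM's own software), the following Python playbook turns a constructed SIEM alarm into a block decision only after safety checks: the rule id must be one tuned in the earlier stages, and the address must not fall in an internal, DR or partner range, so a false positive cannot take the organization's own systems offline. The rule names, address ranges and alarm fields are all assumptions.

```python
import ipaddress
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed: only rules tuned in S1/S2 (low false-positive rate) may trigger an automatic block.
BLOCKABLE_RULES = {"brute_force_ssh", "web_scanner"}
# Assumed: ranges that must never be blocked: internal networks, loopback, the DR site,
# and a constructed business-partner range reached over MPLS/IPsec (203.0.113.0/24).
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "203.0.113.0/24")]
BLOCK_TTL = timedelta(hours=4)   # blocks expire, so a mistaken block heals itself

def decide_block(alarm: dict, now: Optional[datetime] = None) -> dict:
    """Turn one SIEM alarm into an action: block, or escalate to the 24/7 response team."""
    now = now or datetime.now(timezone.utc)
    rule = alarm.get("rule_id", "")
    if rule not in BLOCKABLE_RULES:
        return {"action": "escalate", "reason": f"rule {rule!r} not approved for automation"}
    try:
        ip = ipaddress.ip_address(alarm.get("src_ip", ""))
    except ValueError:
        return {"action": "escalate", "reason": "unparseable source address"}
    if any(ip in net for net in PROTECTED_NETS):
        return {"action": "escalate", "reason": f"{ip} is in a protected range"}
    return {"action": "block", "src_ip": str(ip), "rule_id": rule,
            "expires": (now + BLOCK_TTL).isoformat()}

def run_playbook(alarms: list, now: Optional[datetime] = None) -> list:
    """Process a batch of alarms, blocking each offending address at most once."""
    seen, actions = set(), []
    for alarm in alarms:
        action = decide_block(alarm, now)
        if action["action"] == "block":
            if action["src_ip"] in seen:
                continue            # already blocked in this batch
            seen.add(action["src_ip"])
        actions.append(action)
    return actions

# Constructed alarms in the shape a SIEM might emit after the S2 correlation rules fire.
SAMPLE_ALARMS = [
    {"rule_id": "brute_force_ssh", "src_ip": "198.51.100.23", "event_count": 40},
    {"rule_id": "brute_force_ssh", "src_ip": "10.20.30.40", "event_count": 25},
    {"rule_id": "new_untuned_rule", "src_ip": "198.51.100.99", "event_count": 3},
    {"rule_id": "web_scanner", "src_ip": "198.51.100.23", "event_count": 120},
]

if __name__ == "__main__":
    for act in run_playbook(SAMPLE_ALARMS, datetime(2024, 1, 1, tzinfo=timezone.utc)):
        print(act)
```

Escalated items go to the human response process rather than being dropped, which is the behaviour a practitioner wants when automation is unsure.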